fix: make OAuthProviderOptions generic over Env type#150
Merged
mattzcarey merged 6 commits intocloudflare:mainfrom Feb 25, 2026
Merged
fix: make OAuthProviderOptions generic over Env type#150mattzcarey merged 6 commits intocloudflare:mainfrom
mattzcarey merged 6 commits intocloudflare:mainfrom
Conversation
The handler types (apiHandler, defaultHandler) were using non-generic ExportedHandler which caused TypeScript errors when users passed handlers with typed Env. This required @ts-expect-error workarounds in all examples. Now OAuthProviderOptions<Env> properly threads the Env type through to the handler types, allowing strongly-typed environments without casts. Fixes cloudflare#71
🦋 Changeset detectedLatest commit: e4198a0 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
commit: |
- Default Env to `any` instead of `unknown` to preserve backward compatibility and avoid contravariance issues with handler types - Replace @ts-expect-error on ctx.props with MutableExecutionContext type alias for more precise type override - Make mock WorkerEntrypoint generic with Env = any default
threepointone
approved these changes
Feb 25, 2026
Collaborator
threepointone
left a comment
threepointone
left a comment
There was a problem hiding this comment.
straightforward. don't love the explicit any, but fixing that would be a much bigger refactor.
Contributor
Author
happy to make it default to |
Address reviewer feedback by changing `Env = any` defaults to `Env = Cloudflare.Env` across all generic types. This aligns with Cloudflare's own WorkerEntrypoint<Env = Cloudflare.Env> pattern and removes explicit `any` from the public API.
Merged
mattzcarey
pushed a commit
that referenced
this pull request
Feb 26, 2026
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @cloudflare/workers-oauth-provider@0.2.4 ### Patch Changes - [#136](#136) [`a8c5936`](a8c5936) Thanks [@mattzcarey](https://github.com/mattzcarey)! - Add `/.well-known/oauth-protected-resource` endpoint (RFC 9728) for OAuth 2.0 Protected Resource Metadata discovery, as required by the MCP authorization specification. The endpoint is always served with sensible defaults (request origin as resource and authorization server), and can be customized via the new `resourceMetadata` option. - [#151](#151) [`dbb150e`](dbb150e) Thanks [@mattzcarey](https://github.com/mattzcarey)! - Add `allowPlainPKCE` option to enforce S256-only PKCE as recommended by OAuth 2.1. When set to false, the plain PKCE method is rejected and only S256 is accepted. Defaults to true for backward compatibility. - [#140](#140) [`65d5cfa`](65d5cfa) Thanks [@mattzcarey](https://github.com/mattzcarey)! - Fix apiHandler route matching when set to '/' to use exact match instead of prefix match, preventing it from matching all routes and breaking OAuth endpoints - [#150](#150) [`734738c`](734738c) Thanks [@mattzcarey](https://github.com/mattzcarey)! - Fix TypeScript types by making OAuthProviderOptions generic over Env, eliminating the need for @ts-expect-error workarounds when using typed environments - [#145](#145) [`6ce5c10`](6ce5c10) Thanks [@mattzcarey](https://github.com/mattzcarey)! - Add RFC 8252 Section 7.3 compliance: allow any port for loopback redirect URIs (127.x.x.x, ::1) to support native apps that use ephemeral ports - [#143](#143) [`8909060`](8909060) Thanks [@mattzcarey](https://github.com/mattzcarey)! - Include `resource_metadata` URL in `WWW-Authenticate` headers on 401 responses per RFC 9728 §5.1, enabling clients to discover the protected resource metadata endpoint directly from authentication challenges. Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This was referenced Feb 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Makes
OAuthProviderOptions<Env>generic to properly thread theEnvtype through handler types, eliminating TypeScript errors when using typed environments.Changes
OAuthProviderOptions<Env>— now generic, threadingEnvthrough all handler typesExportedHandlerWithFetch<Env>andWorkerEntrypointWithFetch<Env>— accept generic parameterTypedHandler<Env>— discriminated union now genericOAuthProvider<Env>class — generic, passesEnvto internal implementationgetOAuthApi<Env>()function — now genericEnv = anytoEnv = Cloudflare.Env(per reviewer feedback)Why
Cloudflare.Envas the default?WorkerEntrypoint<Env = Cloudflare.Env>uses the same defaultwrangler types— generatesinterface Env extends Cloudflare.Env {}, which is compatibleanyin public API — addresses reviewer feedback about explicitanyEnvcontinues to workProblem
When using typed environments in Cloudflare Workers, passing handlers with typed
EnvtoOAuthProviderOptionscaused TypeScript errors because the handler types used non-genericExportedHandler. This required@ts-expect-errorworkarounds.Solution
By making
OAuthProviderOptionsgeneric overEnv(defaulting toCloudflare.Env), the type system properly threads the environment type through to all handler types.Example Usage
Fixes #71
Test Plan
npm run typecheck— all types check successfullynpm run test— all 216 tests passnpm run prettier— code formatted correctlywrangler types